I am trying to use IPSec on my internal network. What I hope to achieve is that all internal communications are using IPSec, yet the ISA server (acting as a proxy), will communicate with the internet using standard TCP\IP. (i.e end user uses IPSec to communicate with ISA server, which communicates with internet with no IPSec) I set up policies where the ISA server requests IPsec, but does not require it, and client machines will only use IPsec if requested. By looking at IPSecmon, I can confirm that IPsec is being used on the internal network when communicating with the ISA servers, but I can't get access to the internet. Is it possible to have this setup? Cheers, John Burridge